This app supports generic, investigative, and ingestion actions on an IBM QRadar device.
Supported Actions
- test connectivity: Validate the asset configuration for connectivity. This action runs a quick query on the device to check the connection and credentials.
- list offenses: Get a list of offenses
- list closing reasons: Get a list of offense closing reasons
- get events: Get events belonging to an offense
- get flows: Get flows that make up an offense for a particular IP
- offense details: Get details about an offense
- alt manage ingestion: Manage ingestion details
- run query: Execute an Ariel query on the QRadar device
- add listitem: Add an item to a reference set in QRadar
- close offense: Close an active offense, marking status=CLOSED
- update offense: Attach a note to an offense
- assign user: Assign the user to an offense
- get rule info: Retrieve QRadar rule information
- list rules: List all QRadar rules
- on poll: Callback action for the on_poll ingest functionality